
Hi-Jackthis *Updated* Log.

Discussion in 'Virus & Other Malware Removal' started by James19, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. James19

    James19 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    19
    Alright, I updated HijackThis, but it looks the same in terms of what's there.

    Logfile of HijackThis v1.97.2
    Scan saved at 1:10:30 PM, on 9/12/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wins\DLLHOST.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\EarthLink 5.0\ConMgr.exe
    C:\Program Files\EarthLink 5.0\Browser.exe
    C:\WINDOWS\System32\wins\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\EarthLink 5.0\FastLane\ARUpld32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\My Documents\Hi-Jackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:/HP/REGION/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:/HP/REGION/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://C:/HP/REGION/start.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
    O4 - Startup: Registration-Studio 7SE.lnk = C:\Program Files\Pinnacle\Studio\Register\RegTool.exe
    O4 - Global Startup: EarthLink ToolBar 5.0.lnk = C:\Program Files\EarthLink 5.0\etoolbar.exe
    O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ConferenceRoom Java Client - http://web.webchat.org/java/cr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cameras.thibault.com/activex/AxisCamControl.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5A861F39-AB8D-4A94-8D2C-2B96F8AA12BC}: NameServer = 207.69.188.186 207.69.188.187
     
  2. OlTramp

    OlTramp

    Joined:
    May 3, 2003
    Messages:
    151
    Hi James,
    You have MSBLAST D., here-
    C:\WINDOWS\System32\wins\svchost.exe
    C:\WINDOWS\System32\wins\DLLHOST.EXE
    I don't know how to repair it but you should find the info you want here-
    http://www.pchell.com/virus/welchia.shtml
    Please respond back to this thread and let me know how it goes.
    You can do a free virus scan at one of these sites.
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.wilders.org/free_services.htm
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm
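
    Added example, not part of the original thread: the check applied above (core Windows process names running from a folder other than their normal one) written as a small parser for the "Running processes" section of a HijackThis log. The expected-directory table is an assumed baseline for a C:\WINDOWS install, and the sample input is an excerpt of the log posted in this thread.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed baseline: where these core binaries normally live on Windows XP.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIRS = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "dllhost.exe")}
EXPECTED_DIRS["explorer.exe"] = r"c:\windows"

# Excerpt of the HijackThis log posted earlier in this thread.
LOG_EXCERPT = r"""Logfile of HijackThis v1.97.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\wins\svchost.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (ends at a blank line)."""
    paths, in_section = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break
    return paths

def misplaced_system_binaries(log_text):
    """Flag processes that use a core Windows file name from an unexpected folder."""
    findings = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        if expected and directory.lower() != expected:
            findings.append(path)
    return findings

if __name__ == "__main__":
    for hit in misplaced_system_binaries(LOG_EXCERPT):
        print("Unexpected location for a system process name:", hit)
```

    A hit is a triage lead based on name and path only; confirm it with an up-to-date virus scan before deleting anything.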
     
  3. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  4. James19

    James19 Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    19
    Thank you so much!

    It was indeed the msblast d variant.

    I followed the instructions, downloaded the patches and deleted the files. I have now rebooted twice, just to make sure they didn't copy to any other directories.

    My computer runs like it's brand new. Pages only take a few seconds to load up.
     
  5. OlTramp

    OlTramp

    Joined:
    May 3, 2003
    Messages:
    151
    Glad to hear it and glad we could help.
     

Short URL to this thread: https://techguy.org/164325
